DefCon 17 Mystery Challenge

Share

DefCon 17 Mystery Challenge

LAS VEGAS – One of the main tenets of hacking, to explore and understand complex systems, is the basis for one of DefCon's most popular and difficult contests: The DefCon Mystery Challenge.

For the last four years, Ryan "LostboY" Clarke has spent months thinking up creative puzzles, ciphers, tricks and codes, which he combines with physical security, hardware and software hacking challenges, to push teams of hackers to their limits in their quest for lifetime free passes to DefCon – the reward for anyone who can crack the annual Mystery Challenge. Threat Level covered the mystery challenge at DefCon 16, and this year Clarke made the contest even more complex.

The challenge began with a random blog post on the DefCon Mystery Challenge website. The contestants had to solve an encrypted riddle hidden in the binary of an an image on Clarke's website to qualify. Once they arrived at DefCon in Las Vegas, the team members were given a packet of information to help them gather clues to solve the challenge.

This year Clarke wanted teams to collaborate, so he added a social element to the challenge. He also provided tokens to each team to exchange for hints when they were stuck. Unspent tokens were converted to points at the end of the challenge.

One of the first items the contestants received was a CD of random music. One track was embedded with hidden messages, which became visible when the track was viewed as a waterfall in Audacity:

After solving this clue, the contestants received a mystery box. The boxes this year were sealed with two locks that had to be picked.

Unlike last year's mystery boxes, the ones this year didn't play a large role in the mystery message; they just contained parts that the contestants had to solder together to build wireless and laser transmitters:

Clarke provided contestants with an LCD readout and receiver for the laser and wireless signals.

Using the clues provided up to this point, the contestants wrote software to power the transmitter. The software caused Clarke's system to release more clues.

Upon successfully sending the correct message to the receiver, a video projector was triggered. What the teams didn't know was that the projector was hidden inside a mannequin's head in a separate room.

Some of the contestants finally realized where the projector was with just hours before the competition was scheduled to end. To solve the final riddle, they held a translucent piece of paper up to the projected image. The projector then illuminated Korean and Chinese characters, which provided the solution to the mystery challenge. The team members had to SMS the solution to Clarke's phone.

The winning team this year was Grifter and l3d. According to Clarke, next year will be the last mystery challenge.